US9773227B2 - Fraud detection based on efficient frequent-behavior sorted lists - Google Patents
Fraud detection based on efficient frequent-behavior sorted lists Download PDFInfo
- Publication number
- US9773227B2 US9773227B2 US13/340,469 US201113340469A US9773227B2 US 9773227 B2 US9773227 B2 US 9773227B2 US 201113340469 A US201113340469 A US 201113340469A US 9773227 B2 US9773227 B2 US 9773227B2
- Authority
- US
- United States
- Prior art keywords
- frequency
- transaction
- data
- variable
- activity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
-
- G06Q40/025—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/03—Credit; Loans; Processing thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/12—Accounting
Definitions
- Various embodiments described herein relate to apparatus, systems, and methods associated with an apparatus and method for detecting fraud based on efficient frequent-behavior sorted lists.
- a phone may be stolen or a spending card may be stolen before a customer realizes it.
- a customer may think that a phone or card may be misplaced and so the customer thinks the phone or card will turn up soon so a customer waits before reporting the item lost or stolen.
- a thief or a fraudster may use a phone to make downloads, buy music, buy ringtones and make expensive calls, such as to overseas locations.
- the thief or fraudster with a credit card or debit card will generally make a number of purchases involving large transactions amounts or will withdraw large amounts of money from a bank account via an automated teller machine (ATM).
- ATM automated teller machine
- Fraudsters are becoming increasingly ingenious. For example, with the increase in communications and electronic transactions, incidents of fraud surrounding these activities has increased.
- One type of telecommunications fraud includes “cloning” a cellular telephone.
- an identifier such as a serial number
- a fraudster can fraudulently charge calls to the account holder of the original cellular telephone.
- Other fraudulent activity includes stealing credit or debit card numbers.
- Some workers carry small readers for reading the vital information off of a credit card. A person may get a job as a waiter or cashier in a restaurant and when the customer provides his card, the card may be swiped as part of payment and swiped again using the small reader. The card information is captured and then the person misappropriating the card information will use the information to make unauthorized purchases, or sell the information related to the card to others who will place unauthorized purchases.
- the frequent-behavior sorted list method is such a fraudulent transaction detection method that dynamically tracks the frequently dialed phone numbers, the most frequently visited ATMs, or Point of Sale Merchants, or the like for an individual account. Deviation from such frequent spending behaviors indicates a higher probability of fraud. For instance, a phone user usually calls only a few phone numbers regularly (family and close friends); a debit card user usually withdraws cash from a few ATMs that are close to work or home.
- the set of most frequent called numbers by a phone user are usually fairly stable. Therefore, we can treat the set of the most frequent destination numbers extracted from the frequency-behavior list as a calling-signature of a phone user.
- a fraudster who steals several phones will have a similar calling pattern across all phones. In the repeat fraudster situation, finding similar signatures enables fraud analysts to identify phones linked to the same person despite fake or forged identity information.
- a fraudster signature database can be built to be compared against with the signature of phone user of each incoming transaction to identify repeated fraud.
- FIG. 1 is a block diagram of a system that is used to determine frequency information associated with a plurality of data transactions, according to an example embodiment.
- FIG. 2 is a block diagram of an example modeling component used in at least one embodiment of the system of FIG. 1 , according to an example embodiment.
- FIG. 3 a computerized method for detecting fraud using frequency data, according to an example embodiment.
- FIG. 4 is a flow diagram of a computerized method for detecting fraud based on signatures formed by behavior sorted lists, according to an example embodiment.
- FIG. 5 is a machine or computer-readable media that includes a set of instructions, according to an example embodiment.
- FIG. 1 is a block diagram of a computer system 100 that is used to determine frequency information associated with a plurality of data transactions, according to an example embodiment.
- the computer system 100 includes a frequency determination component 110 for determining frequency information associated with a plurality of data transactions, and a conversion component 120 for converting the frequency information into a frequency variable.
- the frequency variable is an output 122 from the conversion component 120 .
- the output 122 includes a frequency table.
- the frequency table may be sorted and, in some embodiments, may take the from of a frequent-behavior sorted list that includes the most frequent transactions or behaviors associated with a specific account.
- the frequency-behavior sorted list forms a signature for a particular user.
- the frequency determination component 110 may include a decay component portion 112 which decays past data transactions when a new data transaction is detected.
- a new frequency that is related to an account and to the plurality of data transactions associated with the account can be added to a table of transactions, thereby replacing an entry in the frequency table that has the least frequency.
- a frequency below a selected frequency threshold may be dropped or replaced on the frequency-behavior sorted list.
- the computer system 100 also includes a prediction component 130 for predicting fraud based on the frequency variable output 122 from the conversion component 120 .
- the prediction component 130 includes a modeling component 200 .
- the modeling component 200 predicts fraud in response to a plurality of variables, including the frequency variable and derived variables of the frequency variable.
- the prediction component 130 has an output 132 .
- FIG. 2 is a block diagram of an example modeling component 200 used in at least one embodiment of the system 100 of FIG. 1 , according to an example embodiment.
- the modeling component 200 includes a learning component 220 and a predictive component 230 .
- the learning component 220 processes historical data 210 and recognizes various patterns.
- the historical data 210 is historical transaction data associated with a credit card, debit card, phone or the like.
- the historical data can be transaction data associated with an ATM, or can be transaction data associated with calls made by a person on an account. Patterns are typically found in the historical data.
- One or more variables are tested to find a correlation between the transaction data and known fraudulent actions. Once the variables are correlated to patterns in the historical data, the variables can be used to predict fraud or a higher probability of fraud using current data.
- the output can be fed back to the model to further test and refine the model in a feedback loop fashion.
- the predictive component 230 has an output 232 which may correspond to the output 132 . In other embodiments, the output 232 may be combined with some other variable to form the output 132 .
- FIG. 3 is a computerized method 300 for detecting fraud using frequency data, according to an example embodiment.
- the computerized method 300 for detecting fraud includes obtaining frequency information on transaction data for at least one entity 310 , converting frequency information to a frequency variable 312 , and predicting whether an activity is fraudulent in response to the frequency variable 314 .
- the entity may be an account associated with a debit card or credit card.
- the entity can also be an account for a telephone or mobile phone.
- Frequency information can be kept on the basis of locations, times, merchant categories, or the like. More than one type of frequency information may be used.
- the frequency variable may also be used with at least one other variable to predict fraudulent activity.
- predicting whether an activity is fraudulent 314 includes utilizing the frequency variable in a model.
- the frequency variable is associated with a frequency table.
- Detecting or obtaining the frequency information 310 can include updating a frequency table as the transaction occurs in real-time. In some instances the updating may be done dynamically in batch processing. Detecting or obtaining frequency information 310 can also include a portion or component which decays over time. When a frequency table is used, one or more of the entries may decay over time. There may also be a portion or component which updates the frequency data. When a frequency table is used, the frequency table can be updated by dropping the least frequent occurring event and replacing it with a more frequently occurring event. In some instances, a frequency related to a transaction is added to the frequency table to replace a less frequently occurring entry in the frequency table. The less frequently occurring entry may also have a frequency below a selected frequency threshold.
- Frequency information can be gathered on many types of data transactions and used to give an indication of fraudulent activity.
- the data transactions may be related to telephone calls, credit card transactions, debit card transactions, or the like.
- the frequency of data transactions obtained may be related to all types of financial transaction accounts, such as online banking, checking, DDA accounts, credit line accounts, and the like.
- the frequency of data transactions obtained may be related to IP addresses, ATM devices, or POS devices, and the like. In other words, this method is not restricted to certain types of accounts or devices but is widely applicable.
- Frequency information regarding times, locations, and the like can also be gathered and used to generate information about the probability of a fraudulent transaction.
- data related to the various data transactions can include not only the frequency of data transactions but also the location of the transaction. Locations can include unique terminal ID, street address, or postal code of one or more ATMs used most often by the card holder. Similar frequency information may be gathered for Point of Sale devices which are usually generally used by a specific merchant. The amount of the transaction, the time at which the transaction occurred, and the category of the transaction as well as the frequency of the transactions can also be obtained and used to determine probability of fraud. The destination phone number and frequency can also be used to determine the probability of telephone fraud. Most customers call certain numbers much more frequently than others.
- FIG. 4 is a flow diagram of a computerized method 400 for detecting fraud, according to an example embodiment.
- the computerized method 400 includes generating a signature 410 of unique activity of an account based on the entities associated with the account and their corresponding frequency values in a frequent-behavior sorted list.
- the generated signature of unique activity of an account is based on the entities associated with the account and their corresponding frequency values in a frequent-behavior sorted list.
- the signature can be used in several ways. In one embodiment, the signature can be monitored for deviations in the pattern portrayed by the signature. The amount of variation from the signature can be useful in determining if there is a potential for fraud. In another embodiment, the signature is further used to identify potential fraudulent persons.
- the signature of unique activity of frequency ordered entities are compared to a historical list of fraud signatures of specific entities and their ordered frequencies.
- the computerized method 400 compares or matches an account signature 412 of unique activity of frequency ordered entities to signatures on the fraud list to generate a fraud alert or a fraud score based in riskiness of repeat fraud. This can be useful in identifying if a particular criminal may be using a stolen phone, for example. Many times, a person will be linked to fraudulent acts with respect to the numbers dialed when they steal the phone. criminals generally do not stop at spoofing or stealing one number or accessing one account. They tend to call the same set of numbers regardless of whose phone is being spoofed or used. By comparing their signature to other phones signatures, possible matches can be identified among other phone accounts.
- FIG. 5 is a machine-readable medium 500 that provides instructions 510 that, when executed by a machine, cause the machine to: obtain frequency information related to data regarding a plurality of transactions, convert frequency information to a frequency variable, and predict whether an activity is fraudulent in response to the frequency variable.
- the machine-readable medium 500 is any type of medium.
- the term “machine-readable medium” refers to any computer program product, apparatus and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs), or a link to the Internet) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal.
- PLDs Programmable Logic Devices
- machine-readable signal refers to any signal used to provide machine instructions and/or data to a programmable processor.
- Computer programs also known as programs, software, software applications or code
- the instructions on the machine-readable medium may also cause the machine to use the frequency variable and at least one other variable in a model to predict whether an activity is fraudulent.
- the instructions may also cause the machine to track the frequency of occurrence of data transactions over a selected time. In one embodiment, the frequency of occurrence of data transactions over a selected time is determined by updating a frequency table substantially as the transaction data occurs.
- the frequency table may also include a portion which decays over time. The decay portion is produced by instructions within the instruction set on the machine-readable medium.
- Frequent-behavior Sorted Lists are an effective profile-driven analytic technique for fraud detection.
- Features constructed from such lists improve fraud detection performance in a broad range of applications including telecommunications (telecom) fraud, and debit and credit card fraud.
- a carefully designed analytic tool efficiently maintains a Frequent-behavior Sorted List associated with the profiled entity (telephone or debit card for example).
- the analytic tool significantly reduces the computation burden of determining the frequent behavior patterns of a profiled entity.
- the resulting frequent-behavior lists are then used to derive specific fraud feature variables based on abnormalities in the behavior of the entity.
- a behavior abnormality is observed when, for example, a customer has often utilized a particular ATM before with their debit/credit card or transferred money to a particular destination account before using an online banking application and is now using a different ATM, or depositing the money into a different account, respectively.
- Signatures also can be derived from frequent-behavior sorted lists and used to identify potential fraudsters from already caught fraudsters using distance-based metrics associated with the two different entities' behavior sorted lists.
- An efficient signature matching method is devised for use in high-throughput environments. Jointly, efficient analytic tools and corresponding derived fraud features enable real-time execution utilizing behavior lists in fraud detection over a broad range of applications while removing the need for storing a supporting database of past transactions to determine frequent-entities in the transaction history.
- this section describes the Frequent-behavior Sorted List method as used in the telecommunication context.
- a caller dials a number to reach an intended callee.
- the number that identifies the callee is called the destination number.
- the Frequent-sorted list of destination numbers associated with a caller is relatively stable. These frequently dialed numbers are typically destination telephone numbers of family members and friends. If the caller is a fraudster, many times the frequently dialed or called numbers are to the other members of a fraud ring. Hence, it can be quite predictive in fraud detection for a caller's calling behavior to be captured by lists that track the most frequently-called destination numbers. Calls made to numbers not on most-frequently-called lists bear higher risk than those numbers on the list. Such calls can be an indication of a stolen or cloned phone. Combining whether the call is frequent or not-frequent with other attributes of the call such as time/day patterns and whether the call is premium/international type call can point to an even higher probability that the current call corresponds to a fraudulent use of the phone.
- Frequent-destination-number Sorted List (Frequent-number list) is an application of the Frequent-behavior Sorted List method for detection of telecom fraud.
- a profile is generated that mathematically summarizes the callers various calling patterns. The profile is maintained and updated upon each call. Elements contained in the profiles called predictive variables (or just variables) are also updated from call to call and used in the prediction of fraud.
- predictive variables or just variables
- the frequent-number list method utilizes the following three tables, stored in profiles:
- the Number Table and Frequency Table are coupled via common indices. From the above Number Table and Frequency Table, the frequency for number destination number “1111” (with index 1 in the Number Table) is 0.2. The frequency for number destination number “2222” (with index 2 in the Number table) has a frequency of 0.7. The frequency for number destination number “4321” (with index 14) has a frequency of 0.4.
- the ranking table stores the common indices of number table and frequency table in the decreasing order of the frequency. For example, referring to the Ranking table, index 11 in the number table (corresponding to number “1234”) has the highest frequency (3.1), index 13 (corresponding to the number “3434”) the second-highest frequency (2.3), and so on.
- the Number table is looked up to determine whether the destination number is in the list. If so, then the rank of the number is retrieved from the Ranking table. Then, various variables are calculated based on whether the destination number is a frequently dialed or not-frequently dialed number. Once the lookup is complete, the tables are updated as follows:
- the decay parameters ⁇ can be tuned for fast (with small ⁇ ) or slow (with large ⁇ ) decay of the past history (this is related to the “memory” that the profile has of past history of calling of destination numbers). Values in the range from 0.6 to 0.95 have been empirically found to be most suitable for ⁇ in telecom applications.
- the parameter ⁇ can be tuned based on how quickly entities are up for recycling; typically the table size is made large enough that entities that are frequent will have an opportunity to increase their rank in the table before being a candidate for recycling. Recent applications include a real-time adjusting of the value of ⁇ based on the frequency of recycling to maintain reasonable number turn-over on the Frequent-Number List.
- the third step of determining the ranking of the number can be time-consuming if implemented with common efficient sorting algorithms whose time-complexity is O(n log n), where n is the size of the table.
- n is the size of the table.
- a methodology is used in linear time as described below.
- the following linear time-complexity methodology is thus designed to efficiently implement the Ranking table update of the Frequent-List update procedure.
- the Ranking table update methodology will be further detailed.
- the current number is “4321”, which happens to be in the table and is indexed with 14 in the Number table. From the Ranking table, index 14 currently has a ranking of 13.
- Frequency table then gets updated (see Table 2 below).
- Table 2 below.
- the Frequency table update that the frequency of number “4321” now has a rank of 11 (by binary-search of the ranking table).
- To update the ranking table all we need to do is to shift each index entry for ranking 11 to 12 in the ranking table one-rank downwards (new rankings of 12 and 13) and then insert the index of “4321”, 14, in the 11 th entry of the Ranking table (See below).
- Calls have basic characteristics used to describe and rate the call. Some of the basic characteristics include duration, international/premium-rate, and cost. Variables that are jointly constructed from such features and Frequent-number Sorted Lists are shown to be predictive over a wide number of implementation, geographic regions, and operating conditions, and the like.
- a non-frequent call is defined as a call where the destination number is not one of the k most frequent numbers in Frequent-number Sorted Lists (For illustration purposes, we take k to be seven in the following example).
- Simple variables can be constructed in a straightforward manner. For example, a binary variable “NOTTOP7” can be defined to take value 1 if a call is a non-frequent call and 0 otherwise. Combining “NOTTOP7” with the cost of the calls allows one to construct the variable “NOTTOP7_COST” to take a non-zero value if the current call is a non-frequent call and 0 otherwise. The larger the value that the variable “NOTTOP7_COST” takes, the higher the risk a call bears.
- Event average variables approximate the average of discrete events based on the following iterative formula:
- N is a decay parameter that controls the contributions of the historical values compared to the current value in the estimate of the average. Roughly speaking, N determines the contributions of values in the past to the average value. Usually N is set from 5 to 40 in telecom fraud applications.
- NOTTOP7_VAL_AVG is computed iteratively from the current value of NOTTOP7_COS n and its previous value NOTTOP7_VAL_AVG n-1 , which would be stored in the caller's profile.
- NOTTOP7_VAL can be computed iteratively from NOTTOP7_COST as follows:
- NOTTOP7_VAL n 1 - e - ⁇ 1 - e - ⁇ ⁇ ⁇ i n ⁇ NOTTOP7_COST n + 1 - e - ⁇ ⁇ ⁇ i n - 1 1 - e - ⁇ ⁇ ⁇ t n ⁇ e - ⁇ ⁇ ( t n - t n - 1 ) ⁇ NOTTOP7_VAL n - 1 where t n and t n-1 are the time of the current and previous call events and ⁇ is a decay parameter and commonly set reflect the time over which a time-based average is desired. Variables, such as NOTTOP7_VAL approximate the “velocity” of cost associated with non-frequent calls. Such “velocity” variables are quite predictive in fraud applications. In the below table examples of such variables that are useful in fraud detection are provided:
- Ratios of the velocity variables have been found to be effective measures for increases in suspicious use of a phone. Ratio variables are used to detect and emphasize changes in usage and rate of usage. Such ratio variables can also be constructed from event average variables. The ratios are generally considered accelerations as they indicate a time-dependent change in the velocity associated with an increase in the frequency or value of risky transactions.
- the set of most frequent destination numbers called by a caller is usually fairly stable. Therefore, the set of the most frequent destination numbers is treated as a signature, referred to as a calling-signature of a caller.
- a signature referred to as a calling-signature of a caller.
- a group of fraudsters share similar calling-signatures.
- a repeat fraudster who steals several phones will have a similar calling pattern or signature across all phones. In the repeat fraudster situation, finding similar signatures enables fraud analysts to identify phones linked to the same person despite fake or forged identity information.
- fraudsters in the ring call one another often. Therefore, when one is caught then others can be quickly identified based on a detected common signature with another fraudster in the ring.
- fraudsters usually call similar sets of destination numbers (usually premium and international numbers) in a short period of time.
- destination numbers usually call similar sets of destination numbers (usually premium and international numbers) in a short period of time.
- additional fraudsters can be identified from those fraudsters who have already been caught by matching historical calling signatures.
- One example involves taking the set of the three most frequent destination numbers as signature.
- a fast approach to match two signatures is based on whether at least two of the three top ranked destination numbers in one signature coincide with two numbers in the signature of a previously caught fraudster.
- the three numbers in each signature are denoted by N 1 , N m and N s , where N l ⁇ N m ⁇ N s .
- an efficient implementation of signature matching is conducted as follows. For each caught fraudster, three ordered pairs are constructed from the signature ⁇ N l , N m , N s ⁇ . The three ordered pairs are (N l , N m ), (N m , N s ) and (N l , N s ). These ordered pairs are stored as a hotlist in memory. Upon receiving a call, the Frequent-number List of its caller is updated. From the caller's Frequent Number list, three pairs of destination numbers are constructed similarly. Then a comparison is made of each pair against the fraud signature hotlist of number pairs associated with previously detected fraudsters.
- Detecting a signature match with a previously detected fraudster is typically used along with rules to generate fraud cases for review, but can also be used to construct other fraud model variables based on matches with previous fraud signatures.
- a second application of the Frequent-behavior List is in credit and debit card fraud detection.
- several applications of the Frequent-behavior List to financial card fraud detection are presented.
- Cardholders can make purchases at Point of Sale (POS) devices at merchants.
- Merchants include brick and mortar merchants, mail order merchants, phone order merchants, and internet merchants.
- Cardholders can also withdraw cash from automated teller machine (ATM) terminals.
- ATM automated teller machine
- Each individual cardholder has a personal spending behavior that tends to consist of one or more regular patterns. For example, one may shop more often in some types of stores than others (or frequently repeatedly at the same merchant), or one's daily spending may be limited to certain zip codes when not traveling. Still another example is that one may often use a couple of convenient ATMs close to home or work to get cash. The most frequently exhibited spending activity demonstrates a pattern of use for a customer and is less risky than those spending events that are new and infrequent compared to that of the customer's historical pattern of use.
- each individual cardholder has his/her own shopping behavior in terms of “what types of merchants they shop at, where they shop, and when the shop”.
- Individual cardholders also have a cashing behavior in terms of “how much they usually withdraw from the ATM, and where the ATM is located, and when they withdraw from an ATM”.
- Such details are captured in transaction records.
- Basic information such as transaction date, time, and dollar amount are recorded in the transaction records.
- Shopping locations are identified via Merchant IDs, merchant names and street addresses, and merchant ZIP codes.
- Cashing location are similarly identified via ATM ID, ATM-Host Merchant name, Address, and terminal Postal Code (ZIP).
- Merchandize categories can be identified via Standard Industrial Codes (SICs) or Merchant Category Codes (MCCs). All of these parameters in the transaction record can be used to track frequent behavior.
- SICs Standard Industrial Codes
- MCCs Merchant Category Codes
- Frequent-behavior Lists can be applied to, but not limited by following entities associated with spending patterns.
- Location based entities would include those related to ATMs such as ATM terminal ID, ATM-Host Merchant Name, and the Address and Postal Code of the ATM. With respect to Merchants the relevant entities would include Merchant ID and Merchant Name along with location information such as Merchant Address and Merchant Postal Code.
- Each ATM can be identified by its ATM Terminal ID. Lists of frequent-visited ATMs capture regular patterns of a cardholders' cashing or withdrawal behavior. The ATM-host merchant name, address, and postal code can be also be used to identify the ATM.
- Each Merchant-ID uniquely identifies a merchant. By tracking a list of frequently visited merchants, regularity in the cardholder's purchasing patterns including their favorite merchants can be identified. Spending that aligns more closely to regular spending patterns identify less risky transactions.
- Each postal code covers a large geographic area, and usually the cardholder will make purchases or withdraw cash within certain local geographic areas when not traveling.
- the postal codes of merchants and ATM transactions can be tracked in two separate lists (i.e., Frequent-ATM-Postal-Code List and Frequent-Merchant Postal Code List) or one single list.
- the granularity size of the geographic region can be controlled by how many digits used to specify the postal code of the merchant or the ATM.
- the above frequent lists are all based on regular patterns associated with geographic or physical locations. It is also observed that cardholders usually patronize the same chain stores. For example, one may favor Sears for clothing and Starbucks for their coffee. Sears stores are located in different geographic locations within a city and a cardholder may visit more than one location of the same chain. Geographic location based frequent lists will not capture “common brand” shopping behaviors. To this end, lists of store chain names can be constructed to track such brand/chain loyalty shopping patterns.
- the shopping and cashing behavior of individual cardholders exhibits temporal pattern as well.
- a person may have a pattern as regard to when they withdraw cash. For example, some people may always go to an ATM on weekdays, some on weekends, some at daytime, or some at night time, or the like. Another common example, is when people shop for groceries, some will make a weekly trip on certain days or only weekdays or weekends.
- gas-stations When not traveling, people tend to go frequently to only a few gas stations close to home or work.
- the gas-stations can be recognized by MCC code (5542 and 5541), and they can be uniquely identified by merchant I.D., or the combination of merchant name, address and zip code. Given that gas transactions are typically risky transactions associated with fraudulent card use, knowing that the gas station is a frequently visited one in the history of the cardholder helps identify those gas transactions that are abnormal for the card.
- a NOTTOP-N variable in the card fraud area can be defined.
- the NOTTOP-N variable takes value of 1 when the new transaction does not appear in the TOP-N list, and takes values of 0 if it does. Generally, the NOTTOP-N transactions are more risky.
- Additional information from the Frequent-Behavior list can also be used to design basic variables, such the rank of each new transaction in the list, and more specifically, whether it is a HIT (found itself in the list) or MISS (not found itself in the list). Generally, ranking low on the list or a MISS (no match with any entry on the table) is more risky.
- NOTTOP_N_ATM_AMT Combining with the dollar amount for each ATM transaction, we can construct basic variable such as NOTTOP_N_ATM_AMT to take value of the ATM transaction amount if it is a non-frequent ATM transaction with respect to the list and 0 otherwise.
- Event average and velocity variables can be derived as illustrated in the following table, based on the transaction dollar amount (corresponding to the cost of a phone call in the telecom example). These dollar based variables, or frequency variables, provide additional predictive power in card fraud detection. Below are examples associated with a frequent-ATM-list:
- ratio variables of velocity and event variables can also be derived to determine acceleration or deceleration associated with risky non-frequent transaction activity associated with the payment card.
- a risk table for different ranks in the list can be generated.
- the risk table information is then used to identify the risk of the current transaction.
- the data population can be split into two groups: one group that belongs to TOP_N, the other belongs to NOTTOP_N.
- Each model can be trained separately, which could further improve the fraud detection performance.
- the list size can be determined by the data statistics to maintain certain miss-rates (the rate that new transactions do not find themselves on the list). Typically, a list size of 4 entities is sufficient for tracking frequently used ATMs by a cardholder.
- signatures can be constructed from the frequent-behavior lists considered in the above Payment Card examples to detect organized fraud in payment card transactions. For example, the purchases associated with a ring of fraudsters using stolen cards might concentrate on a small number of merchants or a small number of merchandize categories.
- signatures By matching the signatures (of a card) over a short period to the signatures of recently caught fraudster's cards, cards that have a high likelihood of being compromised and associated with an organized fraud ring can be identified. This likelihood can be used directly with the card-level fraud score to improve fraud detection and increase suspicion associated with an abnormal transaction.
- inventive subject matter may be referred to herein individually or collectively by the term “invention” merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept, if more than one is in fact disclosed.
- inventive concept any arrangement calculated to achieve the same purpose may be substituted for the specific embodiments shown.
- This disclosure is intended to cover any and all adaptations or variations of various embodiments. Combinations of the above embodiments and other embodiments not specifically described herein will be apparent to those of skill in the art upon reviewing the above description.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Strategic Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Economics (AREA)
- Marketing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Development Economics (AREA)
- Technology Law (AREA)
- Data Mining & Analysis (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Telephonic Communication Services (AREA)
Abstract
A computerized method for detecting fraud includes obtaining frequency information on entities in transaction data for at least one individual account, converting frequency information to a frequency variable, and predicting whether an activity is fraudulent in response to the frequency variable. In some embodiments, the frequency variable is used with at least one other variable to predict fraudulent activity.
Description
This application is a continuation of U.S. patent application Ser. No. 12/398,141, filed Mar. 4, 2009, entitled “FRAUD DETECTION BASED ON EFFICIENT FREQUENT-BEHAVIOR SORTED LISTS” which issued as U.S. Pat. No. 8,090,648, the disclosure of which is incorporated herein by reference.
Various embodiments described herein relate to apparatus, systems, and methods associated with an apparatus and method for detecting fraud based on efficient frequent-behavior sorted lists.
In many instances, a phone may be stolen or a spending card may be stolen before a customer realizes it. In other instances, a customer may think that a phone or card may be misplaced and so the customer thinks the phone or card will turn up soon so a customer waits before reporting the item lost or stolen. During the time between reporting the phone or credit card as lost or stolen, a thief or a fraudster may use a phone to make downloads, buy music, buy ringtones and make expensive calls, such as to overseas locations. The thief or fraudster with a credit card or debit card will generally make a number of purchases involving large transactions amounts or will withdraw large amounts of money from a bank account via an automated teller machine (ATM). Phone companies, credit card issuers, or debit card issuers attempt to limit fraud losses by immediately closing a customer's account upon receiving a report that the card has been lost or stolen. Since fraud losses can mount quickly, analytics and predictive models have been used to detect fraud or abuse of credit cards, debit cards, telephone charge cards, cell phones, and the like. Many times, the customer is getting a call about suspicious or potentially fraudulent activity before they realize a card is gone or a cell phone has been stolen.
Fraudsters are becoming increasingly ingenious. For example, with the increase in communications and electronic transactions, incidents of fraud surrounding these activities has increased. One type of telecommunications fraud includes “cloning” a cellular telephone. In this type of telecommunications fraud, an identifier, such as a serial number, for a cellular telephone is snooped, or read, as calls are transmitted, captured, and used to identify calls transmitted by other cellular telephones. Once the identifier is obtained, a fraudster can fraudulently charge calls to the account holder of the original cellular telephone.
Other fraudulent activity includes stealing credit or debit card numbers. Some workers carry small readers for reading the vital information off of a credit card. A person may get a job as a waiter or cashier in a restaurant and when the customer provides his card, the card may be swiped as part of payment and swiped again using the small reader. The card information is captured and then the person misappropriating the card information will use the information to make unauthorized purchases, or sell the information related to the card to others who will place unauthorized purchases. There are other schemes where a group of bad actors set up bogus ATM machines. In one instance, a convenience store owner was given $100 to allow a bogus machine to be placed in the store. The ATM included a reader only so prospective customers would use the machine and then complain that it did not dispense money. The bad actor would pick up the machine after several days and take it for “repair” and would never return. The misappropriated card numbers would then be either sold or used to make various purchases.
In short, various fraudulent schemes result in large losses to various institutions. Generally, the losses are billions of dollars per year. In addition, certain fraudsters and thieves are becoming increasingly knowledgeable and may adapt their methods so that they can go undetected longer, thereby further increasing fraud loss amounts. Therefore, there is large demand for systems and methods to detect fraudulent transactions, as well as a continuing need to find better ways to detect fraud or abuse of credit cards, debit cards, cell phones and the like.
The frequent-behavior sorted list method is such a fraudulent transaction detection method that dynamically tracks the frequently dialed phone numbers, the most frequently visited ATMs, or Point of Sale Merchants, or the like for an individual account. Deviation from such frequent spending behaviors indicates a higher probability of fraud. For instance, a phone user usually calls only a few phone numbers regularly (family and close friends); a debit card user usually withdraws cash from a few ATMs that are close to work or home.
The telecommunication scenario, the set of most frequent called numbers by a phone user are usually fairly stable. Therefore, we can treat the set of the most frequent destination numbers extracted from the frequency-behavior list as a calling-signature of a phone user. A fraudster who steals several phones will have a similar calling pattern across all phones. In the repeat fraudster situation, finding similar signatures enables fraud analysts to identify phones linked to the same person despite fake or forged identity information. Hence, a fraudster signature database can be built to be compared against with the signature of phone user of each incoming transaction to identify repeated fraud.
The frequency determination component 110 may include a decay component portion 112 which decays past data transactions when a new data transaction is detected. A new frequency that is related to an account and to the plurality of data transactions associated with the account can be added to a table of transactions, thereby replacing an entry in the frequency table that has the least frequency. A frequency below a selected frequency threshold may be dropped or replaced on the frequency-behavior sorted list.
The computer system 100 also includes a prediction component 130 for predicting fraud based on the frequency variable output 122 from the conversion component 120. The prediction component 130, in some embodiments, includes a modeling component 200. The modeling component 200 predicts fraud in response to a plurality of variables, including the frequency variable and derived variables of the frequency variable. The prediction component 130 has an output 132.
Frequency information can be gathered on many types of data transactions and used to give an indication of fraudulent activity. The data transactions may be related to telephone calls, credit card transactions, debit card transactions, or the like. In addition the frequency of data transactions obtained may be related to all types of financial transaction accounts, such as online banking, checking, DDA accounts, credit line accounts, and the like. In addition, the frequency of data transactions obtained may be related to IP addresses, ATM devices, or POS devices, and the like. In other words, this method is not restricted to certain types of accounts or devices but is widely applicable.
Frequency information regarding times, locations, and the like can also be gathered and used to generate information about the probability of a fraudulent transaction. For example, data related to the various data transactions can include not only the frequency of data transactions but also the location of the transaction. Locations can include unique terminal ID, street address, or postal code of one or more ATMs used most often by the card holder. Similar frequency information may be gathered for Point of Sale devices which are usually generally used by a specific merchant. The amount of the transaction, the time at which the transaction occurred, and the category of the transaction as well as the frequency of the transactions can also be obtained and used to determine probability of fraud. The destination phone number and frequency can also be used to determine the probability of telephone fraud. Most customers call certain numbers much more frequently than others.
To this point, the discussion has centered on more generalized specific embodiments of the invention. In the following paragraphs, specific embodiments directed toward telecom and toward financial instruments will be set forth.
Frequent-behavior Sorted Lists are an effective profile-driven analytic technique for fraud detection. Features constructed from such lists improve fraud detection performance in a broad range of applications including telecommunications (telecom) fraud, and debit and credit card fraud. A carefully designed analytic tool efficiently maintains a Frequent-behavior Sorted List associated with the profiled entity (telephone or debit card for example). The analytic tool significantly reduces the computation burden of determining the frequent behavior patterns of a profiled entity. The resulting frequent-behavior lists are then used to derive specific fraud feature variables based on abnormalities in the behavior of the entity. A behavior abnormality is observed when, for example, a customer has often utilized a particular ATM before with their debit/credit card or transferred money to a particular destination account before using an online banking application and is now using a different ATM, or depositing the money into a different account, respectively.
Signatures also can be derived from frequent-behavior sorted lists and used to identify potential fraudsters from already caught fraudsters using distance-based metrics associated with the two different entities' behavior sorted lists. An efficient signature matching method is devised for use in high-throughput environments. Jointly, efficient analytic tools and corresponding derived fraud features enable real-time execution utilizing behavior lists in fraud detection over a broad range of applications while removing the need for storing a supporting database of past transactions to determine frequent-entities in the transaction history.
To facilitate the presentation of various example embodiments, this section describes the Frequent-behavior Sorted List method as used in the telecommunication context.
In a telephone conversation, a caller dials a number to reach an intended callee. The number that identifies the callee is called the destination number. Often times, the Frequent-sorted list of destination numbers associated with a caller is relatively stable. These frequently dialed numbers are typically destination telephone numbers of family members and friends. If the caller is a fraudster, many times the frequently dialed or called numbers are to the other members of a fraud ring. Hence, it can be quite predictive in fraud detection for a caller's calling behavior to be captured by lists that track the most frequently-called destination numbers. Calls made to numbers not on most-frequently-called lists bear higher risk than those numbers on the list. Such calls can be an indication of a stolen or cloned phone. Combining whether the call is frequent or not-frequent with other attributes of the call such as time/day patterns and whether the call is premium/international type call can point to an even higher probability that the current call corresponds to a fraudulent use of the phone.
Frequent-destination-number Sorted List (Frequent-number list) is an application of the Frequent-behavior Sorted List method for detection of telecom fraud. For each caller, a profile is generated that mathematically summarizes the callers various calling patterns. The profile is maintained and updated upon each call. Elements contained in the profiles called predictive variables (or just variables) are also updated from call to call and used in the prediction of fraud. A group of variables, discussed below, are constructed based on the frequent-number list method will now be described in more detail.
The frequent-number list method utilizes the following three tables, stored in profiles:
-
- 1. A table of n most frequently dialed destination numbers (number table)
- 2. A table of pseudo-frequencies of the corresponding n most frequently dialed destination numbers (frequency table)
- 3. A table of ranking for these numbers.(ranking table)
These three tables are collectively referred to as the frequent-number list in the following description. It should be noted that the “frequencies” stored in the frequency table are not true “frequencies” of the corresponding destination numbers but are pseudo-frequencies that approximate or estimate the true frequencies and provide a relative ranking of frequencies of the destination numbers in the number list. Another item of note is that in telecom for residential customers a table size of 14 is often used. The table size has a historical basis in telecom applications. It should be noted that this methodology is equally applicable to different size tables.
For illustrative purposes, the following an example of a frequent-number list used in a telecom fraud application.
TABLE 1 |
Frequent-Number List Example |
Number Table | Frequency Table | Ranking Table |
index | Dest-number | index | Frequency | Ranking | Index to number |
1 | 1111 | 1 | 0.2 | 1 | 11 |
2 | 2222 | 2 | 0.7 | 2 | 13 |
. . . | . . . | . . . | . . . | . . . | . . . |
11 | 1234 | 11 | 3.1 | 11 | 12 |
12 | 2323 | 12 | 0.9 | 12 | 2 |
13 | 3434 | 13 | 2.3 | 13 | 14 |
14 | 4321 | 14 | 0.4 | 14 | 1 |
The Number Table and Frequency Table are coupled via common indices. From the above Number Table and Frequency Table, the frequency for number destination number “1111” (with index 1 in the Number Table) is 0.2. The frequency for number destination number “2222” (with index 2 in the Number table) has a frequency of 0.7. The frequency for number destination number “4321” (with index 14) has a frequency of 0.4. The ranking table stores the common indices of number table and frequency table in the decreasing order of the frequency. For example, referring to the Ranking table, index 11 in the number table (corresponding to number “1234”) has the highest frequency (3.1), index 13 (corresponding to the number “3434”) the second-highest frequency (2.3), and so on.
Upon each new call, the Number table is looked up to determine whether the destination number is in the list. If so, then the rank of the number is retrieved from the Ranking table. Then, various variables are calculated based on whether the destination number is a frequently dialed or not-frequently dialed number. Once the lookup is complete, the tables are updated as follows:
-
- All the frequencies in the Frequency table are decayed by a multiplicative factor β, 0<β<1;
- Then, Number table and Frequency table are updated as follows:
- If the current number is not in the Number table, then least-frequent number (determined by the Ranking table) is replaced with the current number if the least frequent number's frequency (based on the Frequency table) is less than a threshold δ,
-
-
- (NOTE: there are a multitude of other implementations for determining the threshold δ including use of adaptive thresholds based on match rates and recycling rates associated with the Number table). The frequency of the current number is initialized to be α. (NOTE: α is typically equal to a frequency update of 1 in most telecom fraud applications)
- If the current number is already in the Number table, then its frequency is increased by λ (NOTE: λ is typically equal to a frequency update of 1 in most telecom fraud applications).
- Finally, the Ranking table is updated accordingly to reflect any changes to the ranking of numbers based on the update.
-
From the frequency update method described above, it should be noted that “frequencies” in the frequency table are not true frequencies corresponding to the dialing of destination numbers. But, the above frequency updating method provides an efficient and recursive approximation for the true frequencies and the relative ranking of frequencies of the different destination numbers. This methodology is essential for fraud detection as a determination of fraud needs to be made on sub-second time scales utilizing profile structures and can not be based on searches in databases of historical calling behavior.
The decay parameters β can be tuned for fast (with small β) or slow (with large β) decay of the past history (this is related to the “memory” that the profile has of past history of calling of destination numbers). Values in the range from 0.6 to 0.95 have been empirically found to be most suitable for β in telecom applications. The parameter δ can be tuned based on how quickly entities are up for recycling; typically the table size is made large enough that entities that are frequent will have an opportunity to increase their rank in the table before being a candidate for recycling. Recent applications include a real-time adjusting of the value of δ based on the frequency of recycling to maintain reasonable number turn-over on the Frequent-Number List.
The third step of determining the ranking of the number can be time-consuming if implemented with common efficient sorting algorithms whose time-complexity is O(n log n), where n is the size of the table. To update the Ranking table more efficiently, a methodology is used in linear time as described below.
One key to this methodology is that it is unnecessary to recalculate the Ranking table from scratch with each new transaction. Note the following two important features of the table-updating procedure.
-
- 1. The decay step (multiplication by β) does not disturb the ranking table
- 2. The ranking table is stored (from transaction to transaction in the caller profile)
The following linear time-complexity methodology is thus designed to efficiently implement the Ranking table update of the Frequent-List update procedure.
-
- 1. Denote by i the index of current number in number table (or the frequency table)
- 2. Denote by r the rank of current number in ranking table
- i. r=14 if the current number replaces the least-frequent-number out of the table
- ii. Otherwise, r is the rank of current-number prior to updating
- 3. By binary-search of the sorted ranking table, the new rank of the current number, r′, with respect to its updated frequency (this is the frequency that is updated by α after all the frequencies in the Frequency table are decayed by multiplication by β) can be found. According to this frequency-updating methodology, r′<=r.
- 4. Shift each index entry in the ranking table from r′ to r−1 one-rank downwards and then insert index i into position r′
This methodology takes at most n+log n extra operations:
-
- (Step 1-2) i and r are obtained as the by-product of the step of check if current number is one of the k-most-frequent numbers, k≦n.
- (Step 3) takes at most log n comparisons
- (Step 4) takes at most n copy operations
Continuing with the example discussed thus far with respect to Table 1, the Ranking table update methodology will be further detailed. Suppose the current number is “4321”, which happens to be in the table and is indexed with 14 in the Number table. From the Ranking table, index 14 currently has a ranking of 13. Frequency table then gets updated (see Table 2 below). Suppose, after the Frequency table update that the frequency of number “4321” now has a rank of 11 (by binary-search of the ranking table). To update the ranking table, all we need to do is to shift each index entry for ranking 11 to 12 in the ranking table one-rank downwards (new rankings of 12 and 13) and then insert the index of “4321”, 14, in the 11th entry of the Ranking table (See below).
TABLE 2 |
Example of Frequency and Ranking Table Update |
Updated Frequency table |
Index | Frequency | ||
1 | 0.2 * 0.9 | ||
2 | 0.7 * 0.9 | ||
. . . | . . . | ||
11 | 3.1 * 0.9 | ||
12 | 0.9 * 0.9 | ||
13 | 2.3 * 0.9 | ||
14 | 0.4 * 0.9 + 1 | ||
Updated Ranking table | ||
|
||
Calls have basic characteristics used to describe and rate the call. Some of the basic characteristics include duration, international/premium-rate, and cost. Variables that are jointly constructed from such features and Frequent-number Sorted Lists are shown to be predictive over a wide number of implementation, geographic regions, and operating conditions, and the like.
In fraud applications, a non-frequent call is defined as a call where the destination number is not one of the k most frequent numbers in Frequent-number Sorted Lists (For illustration purposes, we take k to be seven in the following example). Simple variables can be constructed in a straightforward manner. For example, a binary variable “NOTTOP7” can be defined to take value 1 if a call is a non-frequent call and 0 otherwise. Combining “NOTTOP7” with the cost of the calls allows one to construct the variable “NOTTOP7_COST” to take a non-zero value if the current call is a non-frequent call and 0 otherwise. The larger the value that the variable “NOTTOP7_COST” takes, the higher the risk a call bears.
Based on the simple variables above, sophisticated variables then can be constructed. One class of such variables are “event average” variables. The event average variables approximate the average of discrete events based on the following iterative formula:
where N is a decay parameter that controls the contributions of the historical values compared to the current value in the estimate of the average. Roughly speaking, N determines the contributions of values in the past to the average value. Usually N is set from 5 to 40 in telecom fraud applications. Based on the above iterative formula, the value of NOTTOP7_VAL_AVG is computed iteratively from the current value of NOTTOP7_COSn and its previous value NOTTOP7_VAL_AVGn-1, which would be stored in the caller's profile.
Another example of a filter based variable definition would include velocity variables that can be constructed from a wide variety of mathematical filters. For example, the variable NOTTOP7_VAL can be computed iteratively from NOTTOP7_COST as follows:
where tn and tn-1 are the time of the current and previous call events and α is a decay parameter and commonly set reflect the time over which a time-based average is desired. Variables, such as NOTTOP7_VAL approximate the “velocity” of cost associated with non-frequent calls. Such “velocity” variables are quite predictive in fraud applications. In the below table examples of such variables that are useful in fraud detection are provided:
TABLE 3 |
Examples of Frequent-List derived fraud features |
Variables Based on Frequent-number Lists |
Derived Variables | Basic variables | Explanation |
NOTTOP7_NUM | NOTTOP7 | Number of non- |
frequent calls per | ||
unit of time | ||
NOTTOP7_TIM | NOTTOP7_DUR | Duration of non- |
frequent calls per | ||
unit of time | ||
NOTTTOP7_VAL | NOTTOP7_COST | Call cost of non- |
frequent calls per | ||
unit of time | ||
NOTTOP7_NUM_AVG | NOTTOP7 | Average number of |
non-frequent calls | ||
NOTTOP7_TIM_AVG | NOTTOP7_DUR | Average duration of |
non-frequent calls | ||
per unit of time | ||
NOTTOP7_VAL_AVG | NOTTOP7_COST | Average cost of |
non-frequent calls | ||
It is worth noting that with each transaction the profile is updated and all the variables derived from Frequent-number Lists are computed before lists are updated (in other words the rank is determined and used in variable computations before the Frequent-List is updated).
For “velocity” variables, changing the decay parameter α, allows flexibility regarding placing different weights on past and current events: the larger the decay parameter, the more the past is reflected in the average and the smaller the decay parameter, the more emphasis on the most recent transactions. Ratios of the velocity variables have been found to be effective measures for increases in suspicious use of a phone. Ratio variables are used to detect and emphasize changes in usage and rate of usage. Such ratio variables can also be constructed from event average variables. The ratios are generally considered accelerations as they indicate a time-dependent change in the velocity associated with an increase in the frequency or value of risky transactions.
The set of most frequent destination numbers called by a caller is usually fairly stable. Therefore, the set of the most frequent destination numbers is treated as a signature, referred to as a calling-signature of a caller. In many cases of organized-fraud, a group of fraudsters share similar calling-signatures. In addition, a repeat fraudster who steals several phones will have a similar calling pattern or signature across all phones. In the repeat fraudster situation, finding similar signatures enables fraud analysts to identify phones linked to the same person despite fake or forged identity information. In organized fraud rings, fraudsters in the ring call one another often. Therefore, when one is caught then others can be quickly identified based on a detected common signature with another fraudster in the ring.
In summary, fraudsters usually call similar sets of destination numbers (usually premium and international numbers) in a short period of time. By exploiting this common fraud trait shared amongst fraudsters, additional fraudsters can be identified from those fraudsters who have already been caught by matching historical calling signatures.
There is a need in fraud applications to ensure that the comparisons of signatures are done quickly since most fraud systems provide fraud scores in real-time. One example involves taking the set of the three most frequent destination numbers as signature. A fast approach to match two signatures is based on whether at least two of the three top ranked destination numbers in one signature coincide with two numbers in the signature of a previously caught fraudster. In this example, the three numbers in each signature are denoted by N1, Nm and Ns, where Nl≧Nm≧Ns. Note that a signature {Nl 1, Nm 1, Ns 1} matches another {Nl 2, Nm 2, Ns 2} if and only if at least one of the following conditions holds:
(Nl 1, Nm 1)=(Nl 2, Nm 2),
(Nl 1, Nm 1)=(Nm 2, Ns 2),
(Nl 1, Nm 1)=(Nl 2, Ns 2),
(Nm 1, Ns 1)=(Nl 2, Nm 2),
(Nm 1, Ns 1)=(Nm 2, Ns 2),
(Nm 1, Ns 1)=(Nl 2, Ns 2),
(Nl 1, Ns 1)=(Nl 2, Nm 2),
(Nl 1, Ns 1)=(Nm 2, Ns 2),
(Nl 1, Ns 1)=(Nl 2, Ns 2),
(Nl 1, Nm 1)=(Nl 2, Nm 2),
(Nl 1, Nm 1)=(Nm 2, Ns 2),
(Nl 1, Nm 1)=(Nl 2, Ns 2),
(Nm 1, Ns 1)=(Nl 2, Nm 2),
(Nm 1, Ns 1)=(Nm 2, Ns 2),
(Nm 1, Ns 1)=(Nl 2, Ns 2),
(Nl 1, Ns 1)=(Nl 2, Nm 2),
(Nl 1, Ns 1)=(Nm 2, Ns 2),
(Nl 1, Ns 1)=(Nl 2, Ns 2),
With the above observation, an efficient implementation of signature matching is conducted as follows. For each caught fraudster, three ordered pairs are constructed from the signature {Nl, Nm, Ns}. The three ordered pairs are (Nl, Nm), (Nm, Ns) and (Nl, Ns). These ordered pairs are stored as a hotlist in memory. Upon receiving a call, the Frequent-number List of its caller is updated. From the caller's Frequent Number list, three pairs of destination numbers are constructed similarly. Then a comparison is made of each pair against the fraud signature hotlist of number pairs associated with previously detected fraudsters. If one of the pairs matches one of the pairs in the hotlist of number pairs, then a conclusion is drawn that the current signature matches a signature of a previously caught fraudster. Detecting a signature match with a previously detected fraudster is typically used along with rules to generate fraud cases for review, but can also be used to construct other fraud model variables based on matches with previous fraud signatures.
A second application of the Frequent-behavior List is in credit and debit card fraud detection. In the following section, several applications of the Frequent-behavior List to financial card fraud detection are presented.
Cardholders can make purchases at Point of Sale (POS) devices at merchants. Merchants include brick and mortar merchants, mail order merchants, phone order merchants, and internet merchants. Cardholders can also withdraw cash from automated teller machine (ATM) terminals. Each individual cardholder has a personal spending behavior that tends to consist of one or more regular patterns. For example, one may shop more often in some types of stores than others (or frequently repeatedly at the same merchant), or one's daily spending may be limited to certain zip codes when not traveling. Still another example is that one may often use a couple of convenient ATMs close to home or work to get cash. The most frequently exhibited spending activity demonstrates a pattern of use for a customer and is less risky than those spending events that are new and infrequent compared to that of the customer's historical pattern of use.
Still more specifically, each individual cardholder has his/her own shopping behavior in terms of “what types of merchants they shop at, where they shop, and when the shop”. Individual cardholders also have a cashing behavior in terms of “how much they usually withdraw from the ATM, and where the ATM is located, and when they withdraw from an ATM”. Such details are captured in transaction records. Basic information such as transaction date, time, and dollar amount are recorded in the transaction records. Shopping locations are identified via Merchant IDs, merchant names and street addresses, and merchant ZIP codes. Cashing location are similarly identified via ATM ID, ATM-Host Merchant name, Address, and terminal Postal Code (ZIP). Merchandize categories can be identified via Standard Industrial Codes (SICs) or Merchant Category Codes (MCCs). All of these parameters in the transaction record can be used to track frequent behavior.
The idea of tracking frequency-based spending behavior by Frequent-behavior Lists can be applied to, but not limited by following entities associated with spending patterns.
Location Based Entities:
Location based entities would include those related to ATMs such as ATM terminal ID, ATM-Host Merchant Name, and the Address and Postal Code of the ATM. With respect to Merchants the relevant entities would include Merchant ID and Merchant Name along with location information such as Merchant Address and Merchant Postal Code.
Frequent ATM List
Each ATM can be identified by its ATM Terminal ID. Lists of frequent-visited ATMs capture regular patterns of a cardholders' cashing or withdrawal behavior. The ATM-host merchant name, address, and postal code can be also be used to identify the ATM.
Frequent-Merchant-ID List
Each Merchant-ID uniquely identifies a merchant. By tracking a list of frequently visited merchants, regularity in the cardholder's purchasing patterns including their favorite merchants can be identified. Spending that aligns more closely to regular spending patterns identify less risky transactions.
Frequent-Postal-Code List
Each postal code covers a large geographic area, and usually the cardholder will make purchases or withdraw cash within certain local geographic areas when not traveling. The postal codes of merchants and ATM transactions can be tracked in two separate lists (i.e., Frequent-ATM-Postal-Code List and Frequent-Merchant Postal Code List) or one single list. The granularity (size of the geographic region) can be controlled by how many digits used to specify the postal code of the merchant or the ATM.
Frequent-Merchant-Name List
The above frequent lists are all based on regular patterns associated with geographic or physical locations. It is also observed that cardholders usually patronize the same chain stores. For example, one may favor Sears for clothing and Starbucks for their coffee. Sears stores are located in different geographic locations within a city and a cardholder may visit more than one location of the same chain. Geographic location based frequent lists will not capture “common brand” shopping behaviors. To this end, lists of store chain names can be constructed to track such brand/chain loyalty shopping patterns.
Time-Based Entities
Frequent-Transaction-Time List
The shopping and cashing behavior of individual cardholders exhibits temporal pattern as well. A person may have a pattern as regard to when they withdraw cash. For example, some people may always go to an ATM on weekdays, some on weekends, some at daytime, or some at night time, or the like. Another common example, is when people shop for groceries, some will make a weekly trip on certain days or only weekdays or weekends.
Merchant Category-Based Entities
Frequent-MCC (Merchant Category Code)-Code List.
Different people may spend differently. Some consumers spend a lot in restaurants. Other consumers spend a lot on sports and recreation. Still others spend a lot on clothing. Tracking the Frequency of MCC tracks the types of merchants a cardholder frequently visits.
Frequent-Gas-Station List
When not traveling, people tend to go frequently to only a few gas stations close to home or work. The gas-stations can be recognized by MCC code (5542 and 5541), and they can be uniquely identified by merchant I.D., or the combination of merchant name, address and zip code. Given that gas transactions are typically risky transactions associated with fraudulent card use, knowing that the gas station is a frequently visited one in the history of the cardholder helps identify those gas transactions that are abnormal for the card.
Similar to the basic variables defined in the telecom example, a NOTTOP-N variable in the card fraud area can be defined. The NOTTOP-N variable takes value of 1 when the new transaction does not appear in the TOP-N list, and takes values of 0 if it does. Generally, the NOTTOP-N transactions are more risky.
Additional information from the Frequent-Behavior list can also be used to design basic variables, such the rank of each new transaction in the list, and more specifically, whether it is a HIT (found itself in the list) or MISS (not found itself in the list). Generally, ranking low on the list or a MISS (no match with any entry on the table) is more risky.
Combining with the dollar amount for each ATM transaction, we can construct basic variable such as NOTTOP_N_ATM_AMT to take value of the ATM transaction amount if it is a non-frequent ATM transaction with respect to the list and 0 otherwise. The larger a value variable NOTTOP_N_ATM_AMT takes, the higher the risk the transaction bears.
Using the same methodology introduced in the telecom application, complex variables based on these basic variables can be derived. Event average and velocity variables can be derived as illustrated in the following table, based on the transaction dollar amount (corresponding to the cost of a phone call in the telecom example). These dollar based variables, or frequency variables, provide additional predictive power in card fraud detection. Below are examples associated with a frequent-ATM-list:
TABLE 4 |
Examples of Frequent-Behavior List Variables for ATM card fraud |
Derived Variables | Basic variables | Explanation |
NOTTOP_N_ATM_NUM | NOTTOP_N_ATM | Number of non-frequent ATMs in a |
period of time or a number of events | ||
ATM_MISS_NUM | ATM_MISS | Number of misses in the list in a |
period of time or a number of events | ||
NOTTOP_N_ATM_DOL | NOTTOP_N_ATM_AMT | Dollars spent on the non-frequent ATMs |
in a period of time or a number of events | ||
ATM_MISS_DOL | ATM_MISS_AMT | Dollars spent on the ATMs missed in the list |
in a period of time or a number of events | ||
ATM_RANK_AVG | ATM_RANK | Average ranking of the ATMs in a period of |
time or a number of events | ||
Similarly, ratio variables of velocity and event variables can also be derived to determine acceleration or deceleration associated with risky non-frequent transaction activity associated with the payment card.
In addition, a risk table for different ranks in the list can be generated. The risk table information is then used to identify the risk of the current transaction. Also the data population can be split into two groups: one group that belongs to TOP_N, the other belongs to NOTTOP_N. Each model can be trained separately, which could further improve the fraud detection performance.
Tracking multiple Frequent-Behavior lists could take a lot of profile space to store the frequency-lists. To save space, instead of storing the Key and frequency separately in two units, the two parts can be compressed into one unit as illustrated in the following table (assuming we used a 32-bit unit). The IDs, addresses, names, and ZIPs can be hashed into integers that take fewer bits (say, 16 bit). Practically speaking, 16 bit precision floats are sufficient for frequencies.
16 bits | 16 bits | ||
Key/Hash | Frequency | ||
The list size can be determined by the data statistics to maintain certain miss-rates (the rate that new transactions do not find themselves on the list). Typically, a list size of 4 entities is sufficient for tracking frequently used ATMs by a cardholder.
Similar to the case of Frequent-number lists in the Telecom context, signatures can be constructed from the frequent-behavior lists considered in the above Payment Card examples to detect organized fraud in payment card transactions. For example, the purchases associated with a ring of fraudsters using stolen cards might concentrate on a small number of merchants or a small number of merchandize categories. By matching the signatures (of a card) over a short period to the signatures of recently caught fraudster's cards, cards that have a high likelihood of being compromised and associated with an organized fraud ring can be identified. This likelihood can be used directly with the card-level fraud score to improve fraud detection and increase suspicion associated with an abnormal transaction.
Such embodiments of the inventive subject matter may be referred to herein individually or collectively by the term “invention” merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept, if more than one is in fact disclosed. Thus, although specific embodiments have been illustrated and described herein, any arrangement calculated to achieve the same purpose may be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments. Combinations of the above embodiments and other embodiments not specifically described herein will be apparent to those of skill in the art upon reviewing the above description.
The Abstract of the Disclosure is provided to comply with 37 C.F.R. §1.72(b) requiring an abstract that will allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In the foregoing Detailed Description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted to require more features than are expressly recited in each claim. Rather, inventive subject matter may be found in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment.
Claims (12)
1. A computerized method for detecting fraud, the computerized method being implemented by one or more data processors and comprising:
continuously tracking and obtaining, by the one or more data processors, data comprising frequency information of a plurality of activities of one or more entities, the frequency information of the plurality of activities obtained from transaction data for a plurality of electronic data transactions occurring on one or more of: a machine having an Internet Protocol address, an automated teller machine, and a point of sale system;
converting, by the one or more data processors, the frequency information of an activity of the plurality of activities to a frequency variable;
storing, by the one or more data processors, the frequency variable in a frequency table, the frequency table being a frequent-behavior sorted list sorting the plurality of activities according to a frequency of occurrence of the plurality of activities and including at least a portion of the transaction data, the frequent-behavior sorted list being decayed by a multiplicative factor over time;
compressing, by the one or more data processors, the frequency table by combining an activity identifier of the activity of the plurality of activities and the frequency variable for the activity into a single frequency unit;
deriving, by the one or more data processors, a velocity variable and an event variable, the velocity variable and the event variable providing an indication of an acceleration or deceleration of the frequency of occurrence of the plurality of activities;
removing, in response to the frequency variable being added to the frequency table, an entry in the frequency table associated with a lowest-frequency activity;
generating, by the one or more data processors, data comprising a signature of unique activity for an account using the frequency table;
generating, by the one or more data processors, a risk table, the risk table including information associated with a risk of an electronic data transaction being fraudulent;
predicting, in real-time and by the one or more data processors, whether the electronic data transaction, of the plurality of electronic data transactions and associated with the account having the generated signature, is fraudulent by comparing the generated signature associated with the account against one or more historical signatures for other accounts having known fraudulent activity and by comparing the electronic data transaction with the risk table, the other accounts being determined to have the known fraudulent activity in response to the other accounts having one or more activities in the frequency table being below a predefined threshold; and
preventing, by the one or more data processors, completion of the electronic data transaction in response to a prediction that the electronic data transaction associated with the electronic data transaction is fraudulent.
2. The computerized method of claim 1 , wherein the frequency variable is used with at least one other variable to predict fraudulent activity.
3. The computerized method of claim 1 , wherein the predicting of whether the electronic data transaction is fraudulent includes a model that utilizes the frequency variable.
4. The computerized method of claim 1 , wherein the plurality of electronic data transactions include telephone calls.
5. The computerized method of claim 1 , wherein the plurality of electronic data transactions include credit card or debit card purchases.
6. The computerized method of claim 1 , wherein the transactions data is includes transaction location, the transaction location being one or more of unique terminal ID, street address, and postal code of the automated teller machine or the point of sale system.
7. The computerized method of claim 1 , wherein the transaction data includes a transaction amount.
8. The computerized method of claim 1 , wherein the transaction data includes a transaction time.
9. The computerized method of claim 1 , wherein the transaction data includes a transaction category.
10. The computerized method of claim 1 , wherein the transaction data includes a destination phone numbers.
11. A system comprising:
at least one data processor; and
memory storing instructions which, when executed by the at least one data processor, result in operations comprising:
continuously tracking and obtaining data comprising frequency information of a plurality of activities of one or more entities, the frequency information of the plurality of activities obtained from transaction data for a plurality of electronic data transactions occurring on one or more of: a machine having an Internet Protocol address, an automated teller machine, and a point of sale system;
converting the frequency information of an activity of the plurality of activities to a frequency variable;
storing the frequency variable in a frequency table, the frequency table being a frequent-behavior sorted list sorting the plurality of activities according to a frequency of occurrence of the plurality of activities and including at least a portion of the transaction data, the frequent-behavior sorted list being decayed by a multiplicative factor over time;
compressing the frequency table by combining an activity identifier of the activity of the plurality of activities and the frequency variable for the activity into a single frequency unit;
deriving a velocity variable and an event variable, the velocity variable and the event variable providing an indication of an acceleration or deceleration of the frequency of occurrence of the plurality of activities;
removing, in response to the frequency variable being added to the frequency table, an entry in the frequency table associated with a lowest-frequency activity;
generating data comprising a signature of unique activity for an account using the frequency table;
generating a risk table, the risk table including information associated with a risk of an electronic data transaction being fraudulent;
predicting, in real-time, whether the electronic data transaction, of the plurality of electronic data transactions and associated with the account having the generated signature, is fraudulent by comparing the generated signature associated with the account against one or more historical signatures for other accounts having known fraudulent activity and by comparing the electronic data transaction with the risk table, the other accounts being determined to have the known fraudulent activity in response to the other accounts having one or more activities in the frequency table being below a predefined threshold; and
preventing completion of the electronic data transaction in response to a prediction that the electronic data transaction associated with the electronic data transaction is fraudulent.
12. A non-transitory computer program product storing instructions which, when executed by at least one data processor forming part of at least one computing device, result in operations comprising:
continuously tracking and obtaining ,data comprising frequency information of a plurality of activities of one or more entities, the frequency information of the plurality of activities obtained from transaction data for a plurality of electronic data transactions occurring on one or more of: a machine having an Internet Protocol address, an automated teller machine, and a point of sale system;
converting the frequency information of an activity of the plurality of activities to a frequency variable;
storing the frequency variable in a frequency table, the frequency table being a frequent-behavior sorted list sorting the plurality of activities according to a frequency of occurrence of the plurality of activities and including at least a portion of the transaction data, the frequent-behavior sorted list being decayed by a multiplicative factor over time;
compressing the frequency table by combining an activity identifier of the activity of the plurality of activities and the frequency variable for the activity into a single frequency unit;
deriving a velocity variable and an event variable, the velocity variable and the event variable providing an indication of an acceleration or deceleration of the frequency of occurrence of the plurality of activities;
removing, in response to the frequency variable being wherein a frequency related to added to the frequency table, an entry in the frequency table associated with a lowest-frequency activity;
generating data comprising a signature of unique activity for an account using the frequency table;
generating a risk table, the risk table including information associated with a risk of an electronic data transaction being fraudulent;
predicting, in real-time, whether the electronic data transaction, of the plurality of electronic data transactions and associated with the account having the generated signature, is fraudulent by comparing the generated signature associated with the account against one or more historical signatures for other accounts having known fraudulent activity and by comparing the electronic data transaction with the risk table, the other accounts being determined to have the known fraudulent activity in response to the other accounts having one or more activities in the frequency table being below a predefined threshold; and
preventing completion of the electronic data transaction in response to a prediction that the electronic data transaction associated with the electronic data transaction is fraudulent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/340,469 US9773227B2 (en) | 2009-03-04 | 2011-12-29 | Fraud detection based on efficient frequent-behavior sorted lists |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/398,141 US8090648B2 (en) | 2009-03-04 | 2009-03-04 | Fraud detection based on efficient frequent-behavior sorted lists |
US13/340,469 US9773227B2 (en) | 2009-03-04 | 2011-12-29 | Fraud detection based on efficient frequent-behavior sorted lists |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/398,141 Continuation US8090648B2 (en) | 2009-03-04 | 2009-03-04 | Fraud detection based on efficient frequent-behavior sorted lists |
Publications (2)
Publication Number | Publication Date |
---|---|
US20120101937A1 US20120101937A1 (en) | 2012-04-26 |
US9773227B2 true US9773227B2 (en) | 2017-09-26 |
Family
ID=42679032
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/398,141 Active 2030-01-08 US8090648B2 (en) | 2009-03-04 | 2009-03-04 | Fraud detection based on efficient frequent-behavior sorted lists |
US13/340,469 Active 2032-03-17 US9773227B2 (en) | 2009-03-04 | 2011-12-29 | Fraud detection based on efficient frequent-behavior sorted lists |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/398,141 Active 2030-01-08 US8090648B2 (en) | 2009-03-04 | 2009-03-04 | Fraud detection based on efficient frequent-behavior sorted lists |
Country Status (1)
Country | Link |
---|---|
US (2) | US8090648B2 (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10062078B1 (en) * | 2016-06-14 | 2018-08-28 | Square, Inc. | Fraud detection and transaction review |
US10068235B1 (en) * | 2016-06-14 | 2018-09-04 | Square, Inc. | Regulating fraud probability models |
WO2019118087A1 (en) * | 2017-12-15 | 2019-06-20 | Mastercard International Incorporated | Systems and methods for cross-border atm fraud detection |
US10592982B2 (en) | 2013-03-14 | 2020-03-17 | Csidentity Corporation | System and method for identifying related credit inquiries |
US10593004B2 (en) | 2011-02-18 | 2020-03-17 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US10636035B1 (en) | 2015-06-05 | 2020-04-28 | Square, Inc. | Expedited point-of-sale merchant payments |
US10699028B1 (en) | 2017-09-28 | 2020-06-30 | Csidentity Corporation | Identity security architecture systems and methods |
US10896472B1 (en) | 2017-11-14 | 2021-01-19 | Csidentity Corporation | Security and identity verification system and architecture |
US10909617B2 (en) | 2010-03-24 | 2021-02-02 | Consumerinfo.Com, Inc. | Indirect monitoring and reporting of a user's credit data |
US10915900B1 (en) | 2017-06-26 | 2021-02-09 | Square, Inc. | Interchange action delay based on refund prediction |
US10990979B1 (en) | 2014-10-31 | 2021-04-27 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US11030562B1 (en) | 2011-10-31 | 2021-06-08 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US11151468B1 (en) | 2015-07-02 | 2021-10-19 | Experian Information Solutions, Inc. | Behavior analysis using distributed representations of event data |
US11430070B1 (en) | 2017-07-31 | 2022-08-30 | Block, Inc. | Intelligent application of reserves to transactions |
US11636485B2 (en) | 2018-04-06 | 2023-04-25 | Fair Isaac Corporation | Efficient parallelized computation of global behavior profiles in real-time transaction scoring systems |
US12099940B1 (en) | 2021-09-07 | 2024-09-24 | Experian Information Solutions, Inc. | Behavior analysis using distributed representations of event data |
Families Citing this family (122)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9412123B2 (en) | 2003-07-01 | 2016-08-09 | The 41St Parameter, Inc. | Keystroke analysis |
US10999298B2 (en) | 2004-03-02 | 2021-05-04 | The 41St Parameter, Inc. | Method and system for identifying users and detecting fraud by use of the internet |
US11301585B2 (en) | 2005-12-16 | 2022-04-12 | The 41St Parameter, Inc. | Methods and apparatus for securely displaying digital images |
US8938671B2 (en) | 2005-12-16 | 2015-01-20 | The 41St Parameter, Inc. | Methods and apparatus for securely displaying digital images |
US8151327B2 (en) | 2006-03-31 | 2012-04-03 | The 41St Parameter, Inc. | Systems and methods for detection of session tampering and fraud prevention |
US8768778B2 (en) | 2007-06-29 | 2014-07-01 | Boku, Inc. | Effecting an electronic payment |
GB2457445A (en) * | 2008-02-12 | 2009-08-19 | Vidicom Ltd | Verifying payment transactions |
GB0809383D0 (en) | 2008-05-23 | 2008-07-02 | Vidicom Ltd | Customer to supplier funds transfer |
US9652761B2 (en) | 2009-01-23 | 2017-05-16 | Boku, Inc. | Systems and methods to facilitate electronic payments |
US9990623B2 (en) * | 2009-03-02 | 2018-06-05 | Boku, Inc. | Systems and methods to provide information |
US8700530B2 (en) | 2009-03-10 | 2014-04-15 | Boku, Inc. | Systems and methods to process user initiated transactions |
US9112850B1 (en) | 2009-03-25 | 2015-08-18 | The 41St Parameter, Inc. | Systems and methods of sharing information through a tag-based consortium |
US10346845B2 (en) | 2009-05-15 | 2019-07-09 | Idm Global, Inc. | Enhanced automated acceptance of payment transactions that have been flagged for human review by an anti-fraud system |
US9471920B2 (en) | 2009-05-15 | 2016-10-18 | Idm Global, Inc. | Transaction assessment and/or authentication |
US9595028B2 (en) * | 2009-06-08 | 2017-03-14 | Boku, Inc. | Systems and methods to add funds to an account via a mobile communication device |
US20110004498A1 (en) * | 2009-07-01 | 2011-01-06 | International Business Machines Corporation | Method and System for Identification By A Cardholder of Credit Card Fraud |
US9697510B2 (en) * | 2009-07-23 | 2017-07-04 | Boku, Inc. | Systems and methods to facilitate retail transactions |
US9519892B2 (en) * | 2009-08-04 | 2016-12-13 | Boku, Inc. | Systems and methods to accelerate transactions |
US8326751B2 (en) * | 2009-09-30 | 2012-12-04 | Zynga Inc. | Apparatuses,methods and systems for a trackable virtual currencies platform |
US20110185406A1 (en) * | 2010-01-26 | 2011-07-28 | Boku, Inc. | Systems and Methods to Authenticate Users |
US20110217994A1 (en) * | 2010-03-03 | 2011-09-08 | Boku, Inc. | Systems and Methods to Automate Transactions via Mobile Devices |
US20110238483A1 (en) * | 2010-03-29 | 2011-09-29 | Boku, Inc. | Systems and Methods to Distribute and Redeem Offers |
US8473415B2 (en) | 2010-05-04 | 2013-06-25 | Kevin Paul Siegel | System and method for identifying a point of compromise in a payment transaction processing system |
US8699994B2 (en) | 2010-12-16 | 2014-04-15 | Boku, Inc. | Systems and methods to selectively authenticate via mobile communications |
US8676726B2 (en) | 2010-12-30 | 2014-03-18 | Fair Isaac Corporation | Automatic variable creation for adaptive analytical models |
US20140012724A1 (en) * | 2011-03-23 | 2014-01-09 | Detica Patent Limited | Automated fraud detection method and system |
US9292840B1 (en) | 2011-04-07 | 2016-03-22 | Wells Fargo Bank, N.A. | ATM customer messaging systems and methods |
US9589256B1 (en) * | 2011-04-07 | 2017-03-07 | Wells Fargo Bank, N.A. | Smart chaining |
US8543087B2 (en) | 2011-04-26 | 2013-09-24 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US9830622B1 (en) | 2011-04-28 | 2017-11-28 | Boku, Inc. | Systems and methods to process donations |
US20120295580A1 (en) * | 2011-05-19 | 2012-11-22 | Boku, Inc. | Systems and Methods to Detect Fraudulent Payment Requests |
US10754913B2 (en) | 2011-11-15 | 2020-08-25 | Tapad, Inc. | System and method for analyzing user device information |
US8655773B1 (en) * | 2012-01-26 | 2014-02-18 | Intuit Inc. | Geo-location based underwriting |
US9633201B1 (en) | 2012-03-01 | 2017-04-25 | The 41St Parameter, Inc. | Methods and systems for fraud containment |
US9521551B2 (en) | 2012-03-22 | 2016-12-13 | The 41St Parameter, Inc. | Methods and systems for persistent cross-application mobile device identification |
EP2880619A1 (en) | 2012-08-02 | 2015-06-10 | The 41st Parameter, Inc. | Systems and methods for accessing records via derivative locators |
WO2014078569A1 (en) | 2012-11-14 | 2014-05-22 | The 41St Parameter, Inc. | Systems and methods of global identification |
US20140244528A1 (en) * | 2013-02-22 | 2014-08-28 | Palo Alto Research Center Incorporated | Method and apparatus for combining multi-dimensional fraud measurements for anomaly detection |
US20140379525A1 (en) * | 2013-06-20 | 2014-12-25 | Bank Of America Corporation | Utilizing voice biometrics |
US10902327B1 (en) | 2013-08-30 | 2021-01-26 | The 41St Parameter, Inc. | System and method for device identification and uniqueness |
US20150161611A1 (en) * | 2013-12-10 | 2015-06-11 | Sas Institute Inc. | Systems and Methods for Self-Similarity Measure |
US9210183B2 (en) * | 2013-12-19 | 2015-12-08 | Microsoft Technology Licensing, Llc | Detecting anomalous activity from accounts of an online service |
US20150193775A1 (en) * | 2014-01-09 | 2015-07-09 | Capital One Financial Corporation | Method and system for providing alert messages related to suspicious transactions |
US10552911B1 (en) * | 2014-01-10 | 2020-02-04 | United Services Automobile Association (Usaa) | Determining status of building modifications using informatics sensor data |
US9779407B2 (en) | 2014-08-08 | 2017-10-03 | Brighterion, Inc. | Healthcare fraud preemption |
US10515367B2 (en) * | 2014-03-31 | 2019-12-24 | Ncr Corporation | Fraud detection in self-service terminal |
US20180053114A1 (en) | 2014-10-23 | 2018-02-22 | Brighterion, Inc. | Artificial intelligence for context classifier |
US10896421B2 (en) | 2014-04-02 | 2021-01-19 | Brighterion, Inc. | Smart retail analytics and commercial messaging |
US20150302464A1 (en) * | 2014-04-16 | 2015-10-22 | Mastercard International Incorporated | Systems and methods for audience performance optimization using credit card data, historical network transaction data, and promotion contact data |
US20150066771A1 (en) | 2014-08-08 | 2015-03-05 | Brighterion, Inc. | Fast access vectors in real-time behavioral profiling |
US9280661B2 (en) | 2014-08-08 | 2016-03-08 | Brighterion, Inc. | System administrator behavior analysis |
US20150032589A1 (en) | 2014-08-08 | 2015-01-29 | Brighterion, Inc. | Artificial intelligence fraud management solution |
US20150339673A1 (en) | 2014-10-28 | 2015-11-26 | Brighterion, Inc. | Method for detecting merchant data breaches with a computer network server |
US20160055427A1 (en) | 2014-10-15 | 2016-02-25 | Brighterion, Inc. | Method for providing data science, artificial intelligence and machine learning as-a-service |
US10032230B2 (en) * | 2014-08-12 | 2018-07-24 | Amadeus S.A.S. | Auditing system with historic sale deviation database |
US20160078444A1 (en) | 2014-09-16 | 2016-03-17 | Mastercard International Incorporated | Systems and methods for providing fraud indicator data within an authentication protocol |
US10091312B1 (en) | 2014-10-14 | 2018-10-02 | The 41St Parameter, Inc. | Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups |
US10546099B2 (en) | 2014-10-15 | 2020-01-28 | Brighterion, Inc. | Method of personalizing, individualizing, and automating the management of healthcare fraud-waste-abuse to unique individual healthcare providers |
US11080709B2 (en) | 2014-10-15 | 2021-08-03 | Brighterion, Inc. | Method of reducing financial losses in multiple payment channels upon a recognition of fraud first appearing in any one payment channel |
US20160063502A1 (en) | 2014-10-15 | 2016-03-03 | Brighterion, Inc. | Method for improving operating profits with better automated decision making with artificial intelligence |
US20160071017A1 (en) | 2014-10-15 | 2016-03-10 | Brighterion, Inc. | Method of operating artificial intelligence machines to improve predictive model training and performance |
US20160078367A1 (en) | 2014-10-15 | 2016-03-17 | Brighterion, Inc. | Data clean-up method for improving predictive model training |
US10290001B2 (en) | 2014-10-28 | 2019-05-14 | Brighterion, Inc. | Data breach detection |
US10560583B2 (en) * | 2014-11-01 | 2020-02-11 | Somos, Inc. | Toll-free numbers metadata tagging, analysis and reporting |
US9412108B2 (en) | 2014-12-11 | 2016-08-09 | Mastercard International Incorporated | Systems and methods for fraud detection by transaction ticket size pattern |
US9167389B1 (en) | 2015-01-15 | 2015-10-20 | Blackpoint Holdings, Llc | Clustering location data to determine locations of interest |
US11093988B2 (en) * | 2015-02-03 | 2021-08-17 | Fair Isaac Corporation | Biometric measures profiling analytics |
US10671915B2 (en) | 2015-07-31 | 2020-06-02 | Brighterion, Inc. | Method for calling for preemptive maintenance and for equipment failure prevention |
US9818116B2 (en) | 2015-11-11 | 2017-11-14 | Idm Global, Inc. | Systems and methods for detecting relations between unknown merchants and merchants with a known connection to fraud |
US9852427B2 (en) | 2015-11-11 | 2017-12-26 | Idm Global, Inc. | Systems and methods for sanction screening |
US11423414B2 (en) * | 2016-03-18 | 2022-08-23 | Fair Isaac Corporation | Advanced learning system for detection and prevention of money laundering |
US10896381B2 (en) * | 2016-03-18 | 2021-01-19 | Fair Isaac Corporation | Behavioral misalignment detection within entity hard segmentation utilizing archetype-clustering |
US9872072B2 (en) * | 2016-03-21 | 2018-01-16 | Google Llc | Systems and methods for identifying non-canonical sessions |
US10902429B2 (en) * | 2016-03-21 | 2021-01-26 | Paypal, Inc. | Large dataset structuring techniques for real time fraud detection |
JP6560639B2 (en) * | 2016-04-15 | 2019-08-14 | 株式会社日立製作所 | Customer service support system and customer service support method |
US9888007B2 (en) | 2016-05-13 | 2018-02-06 | Idm Global, Inc. | Systems and methods to authenticate users and/or control access made by users on a computer network using identity services |
US10949863B1 (en) * | 2016-05-25 | 2021-03-16 | Wells Fargo Bank, N.A. | System and method for account abuse risk analysis |
US20180053188A1 (en) | 2016-08-17 | 2018-02-22 | Fair Isaac Corporation | Customer transaction behavioral archetype analytics for cnp merchant transaction fraud detection |
US10187369B2 (en) | 2016-09-30 | 2019-01-22 | Idm Global, Inc. | Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph |
US10250583B2 (en) | 2016-10-17 | 2019-04-02 | Idm Global, Inc. | Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score |
US11367074B2 (en) * | 2016-10-28 | 2022-06-21 | Fair Isaac Corporation | High resolution transaction-level fraud detection for payment cards in a potential state of fraud |
CN108230137B (en) * | 2016-12-14 | 2022-05-03 | 大唐半导体设计有限公司 | Method and device for processing credit investigation data |
WO2018124672A1 (en) | 2016-12-28 | 2018-07-05 | Samsung Electronics Co., Ltd. | Apparatus for detecting anomaly and operating method for the same |
US11468472B2 (en) | 2017-01-12 | 2022-10-11 | Fair Isaac Corporation | Systems and methods for scalable, adaptive, real-time personalized offers generation |
US10389739B2 (en) | 2017-04-07 | 2019-08-20 | Amdocs Development Limited | System, method, and computer program for detecting regular and irregular events associated with various entities |
US10965668B2 (en) | 2017-04-27 | 2021-03-30 | Acuant, Inc. | Systems and methods to authenticate users and/or control access made by users based on enhanced digital identity verification |
US20180365696A1 (en) * | 2017-06-19 | 2018-12-20 | Nec Laboratories America, Inc. | Financial fraud detection using user group behavior analysis |
US11062316B2 (en) * | 2017-08-14 | 2021-07-13 | Feedzai—Consultadoria e Inovaçâo Tecnológica, S.A. | Computer memory management during real-time fraudulent transaction analysis |
US10692058B2 (en) | 2017-09-06 | 2020-06-23 | Fair Isaac Corporation | Fraud detection by profiling aggregate customer anonymous behavior |
US10896424B2 (en) | 2017-10-26 | 2021-01-19 | Mastercard International Incorporated | Systems and methods for detecting out-of-pattern transactions |
US11699032B2 (en) * | 2017-11-03 | 2023-07-11 | Microsoft Technology Licensing, Llc | Data set lookup with binary search integration and caching |
US11017403B2 (en) | 2017-12-15 | 2021-05-25 | Mastercard International Incorporated | Systems and methods for identifying fraudulent common point of purchases |
US11275854B2 (en) | 2018-02-01 | 2022-03-15 | Nuance Communications, Inc. | Conversation print system and method |
CN108510280B (en) * | 2018-03-23 | 2020-07-31 | 上海氪信信息技术有限公司 | Financial fraud behavior prediction method based on mobile equipment behavior data |
US20190342297A1 (en) | 2018-05-01 | 2019-11-07 | Brighterion, Inc. | Securing internet-of-things with smart-agent technology |
CA3051556A1 (en) | 2018-08-10 | 2020-02-10 | Somos, Inc. | Toll-free telecommunications data management interface |
US11151569B2 (en) | 2018-12-28 | 2021-10-19 | Mastercard International Incorporated | Systems and methods for improved detection of network fraud events |
US10937030B2 (en) | 2018-12-28 | 2021-03-02 | Mastercard International Incorporated | Systems and methods for early detection of network fraud events |
US11521211B2 (en) | 2018-12-28 | 2022-12-06 | Mastercard International Incorporated | Systems and methods for incorporating breach velocities into fraud scoring models |
US11157913B2 (en) | 2018-12-28 | 2021-10-26 | Mastercard International Incorporated | Systems and methods for improved detection of network fraud events |
US20200258181A1 (en) * | 2019-02-13 | 2020-08-13 | Yuh-Shen Song | Intelligent report writer |
US11010829B2 (en) * | 2019-06-24 | 2021-05-18 | Accenture Global Solutions Limited | Liquidity management system |
US11461728B2 (en) | 2019-11-05 | 2022-10-04 | International Business Machines Corporation | System and method for unsupervised abstraction of sensitive data for consortium sharing |
US11488172B2 (en) | 2019-11-05 | 2022-11-01 | International Business Machines Corporation | Intelligent agent to simulate financial transactions |
US11676218B2 (en) | 2019-11-05 | 2023-06-13 | International Business Machines Corporation | Intelligent agent to simulate customer data |
US12056720B2 (en) | 2019-11-05 | 2024-08-06 | International Business Machines Corporation | System and method for unsupervised abstraction of sensitive data for detection model sharing across entities |
US11461793B2 (en) | 2019-11-05 | 2022-10-04 | International Business Machines Corporation | Identification of behavioral pattern of simulated transaction data |
US11599884B2 (en) | 2019-11-05 | 2023-03-07 | International Business Machines Corporation | Identification of behavioral pattern of simulated transaction data |
US11488185B2 (en) | 2019-11-05 | 2022-11-01 | International Business Machines Corporation | System and method for unsupervised abstraction of sensitive data for consortium sharing |
US11842357B2 (en) | 2019-11-05 | 2023-12-12 | International Business Machines Corporation | Intelligent agent to simulate customer data |
US11494835B2 (en) | 2019-11-05 | 2022-11-08 | International Business Machines Corporation | Intelligent agent to simulate financial transactions |
US11475468B2 (en) | 2019-11-05 | 2022-10-18 | International Business Machines Corporation | System and method for unsupervised abstraction of sensitive data for detection model sharing across entities |
US11475467B2 (en) | 2019-11-05 | 2022-10-18 | International Business Machines Corporation | System and method for unsupervised abstraction of sensitive data for realistic modeling |
US11556734B2 (en) | 2019-11-05 | 2023-01-17 | International Business Machines Corporation | System and method for unsupervised abstraction of sensitive data for realistic modeling |
CA3114831A1 (en) | 2020-04-10 | 2021-10-10 | Somos, Inc. | Telecommunications call validation platform |
US12008550B2 (en) | 2020-04-15 | 2024-06-11 | Capital One Services, Llc | Post-provisioning authentication protocols |
CN111898626B (en) * | 2020-05-18 | 2023-05-30 | 支付宝(中国)网络技术有限公司 | Model determination method and device and electronic equipment |
CN111800546B (en) * | 2020-07-07 | 2021-12-17 | 中国工商银行股份有限公司 | Method, device and system for constructing recognition model and recognizing and electronic equipment |
US20220318819A1 (en) * | 2021-03-31 | 2022-10-06 | International Business Machines Corporation | Risk clustering and segmentation |
US11611655B2 (en) | 2021-07-08 | 2023-03-21 | Comcast Cable Communications, Llc | Systems and methods for processing calls |
US20230135558A1 (en) * | 2021-11-03 | 2023-05-04 | Bank Of America Corporation | Real-time misappropriation detection and exposure assessment system |
US11886512B2 (en) * | 2022-05-07 | 2024-01-30 | Fair Isaac Corporation | Interpretable feature discovery with grammar-based bayesian optimization |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6330546B1 (en) * | 1992-09-08 | 2001-12-11 | Hnc Software, Inc. | Risk determination and management using predictive modeling and transaction profiles for individual transacting entities |
US6404871B1 (en) * | 1999-12-16 | 2002-06-11 | Mci Worldcom, Inc. | Termination number screening |
US6431439B1 (en) * | 1997-07-24 | 2002-08-13 | Personal Solutions Corporation | System and method for the electronic storage and transmission of financial transactions |
US20060287902A1 (en) * | 2004-09-17 | 2006-12-21 | David Helsper | Fraud risk advisor |
US7376618B1 (en) * | 2000-06-30 | 2008-05-20 | Fair Isaac Corporation | Detecting and measuring risk with predictive models using content mining |
US20080140576A1 (en) * | 1997-07-28 | 2008-06-12 | Michael Lewis | Method and apparatus for evaluating fraud risk in an electronic commerce transaction |
US8082349B1 (en) * | 2005-10-21 | 2011-12-20 | Entrust, Inc. | Fraud protection using business process-based customer intent analysis |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3506068B2 (en) * | 1999-09-29 | 2004-03-15 | 日本電気株式会社 | Outlier value calculator |
US6983368B2 (en) * | 2000-08-04 | 2006-01-03 | First Data Corporation | Linking public key of device to information during manufacture |
JP2004537194A (en) * | 2001-05-17 | 2004-12-09 | ワールドコム・インコーポレイテッド | Cut off collect calls from domestic to international |
WO2005125092A1 (en) * | 2004-06-09 | 2005-12-29 | John Michael Taylor | Identity verification system |
JP4983197B2 (en) * | 2006-10-19 | 2012-07-25 | 富士ゼロックス株式会社 | Authentication system, authentication service providing apparatus, and authentication service providing program |
-
2009
- 2009-03-04 US US12/398,141 patent/US8090648B2/en active Active
-
2011
- 2011-12-29 US US13/340,469 patent/US9773227B2/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6330546B1 (en) * | 1992-09-08 | 2001-12-11 | Hnc Software, Inc. | Risk determination and management using predictive modeling and transaction profiles for individual transacting entities |
US6431439B1 (en) * | 1997-07-24 | 2002-08-13 | Personal Solutions Corporation | System and method for the electronic storage and transmission of financial transactions |
US20080140576A1 (en) * | 1997-07-28 | 2008-06-12 | Michael Lewis | Method and apparatus for evaluating fraud risk in an electronic commerce transaction |
US6404871B1 (en) * | 1999-12-16 | 2002-06-11 | Mci Worldcom, Inc. | Termination number screening |
US7376618B1 (en) * | 2000-06-30 | 2008-05-20 | Fair Isaac Corporation | Detecting and measuring risk with predictive models using content mining |
US8032448B2 (en) * | 2000-06-30 | 2011-10-04 | Fair Isaac Corporation | Detecting and measuring risk with predictive models using content mining |
US20060287902A1 (en) * | 2004-09-17 | 2006-12-21 | David Helsper | Fraud risk advisor |
US8082349B1 (en) * | 2005-10-21 | 2011-12-20 | Entrust, Inc. | Fraud protection using business process-based customer intent analysis |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10909617B2 (en) | 2010-03-24 | 2021-02-02 | Consumerinfo.Com, Inc. | Indirect monitoring and reporting of a user's credit data |
US10593004B2 (en) | 2011-02-18 | 2020-03-17 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US11568348B1 (en) | 2011-10-31 | 2023-01-31 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US11030562B1 (en) | 2011-10-31 | 2021-06-08 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US12045755B1 (en) | 2011-10-31 | 2024-07-23 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US10592982B2 (en) | 2013-03-14 | 2020-03-17 | Csidentity Corporation | System and method for identifying related credit inquiries |
US10990979B1 (en) | 2014-10-31 | 2021-04-27 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US11941635B1 (en) | 2014-10-31 | 2024-03-26 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US11436606B1 (en) | 2014-10-31 | 2022-09-06 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US10636035B1 (en) | 2015-06-05 | 2020-04-28 | Square, Inc. | Expedited point-of-sale merchant payments |
US11995626B2 (en) | 2015-06-05 | 2024-05-28 | Block, Inc. | Expedited point-of-sale merchant payments |
US11151468B1 (en) | 2015-07-02 | 2021-10-19 | Experian Information Solutions, Inc. | Behavior analysis using distributed representations of event data |
US10062078B1 (en) * | 2016-06-14 | 2018-08-28 | Square, Inc. | Fraud detection and transaction review |
US10068235B1 (en) * | 2016-06-14 | 2018-09-04 | Square, Inc. | Regulating fraud probability models |
US10915900B1 (en) | 2017-06-26 | 2021-02-09 | Square, Inc. | Interchange action delay based on refund prediction |
US11430070B1 (en) | 2017-07-31 | 2022-08-30 | Block, Inc. | Intelligent application of reserves to transactions |
US11157650B1 (en) | 2017-09-28 | 2021-10-26 | Csidentity Corporation | Identity security architecture systems and methods |
US11580259B1 (en) | 2017-09-28 | 2023-02-14 | Csidentity Corporation | Identity security architecture systems and methods |
US10699028B1 (en) | 2017-09-28 | 2020-06-30 | Csidentity Corporation | Identity security architecture systems and methods |
US10896472B1 (en) | 2017-11-14 | 2021-01-19 | Csidentity Corporation | Security and identity verification system and architecture |
WO2019118087A1 (en) * | 2017-12-15 | 2019-06-20 | Mastercard International Incorporated | Systems and methods for cross-border atm fraud detection |
US11403645B2 (en) | 2017-12-15 | 2022-08-02 | Mastercard International Incorporated | Systems and methods for cross-border ATM fraud detection |
US10977653B2 (en) | 2017-12-15 | 2021-04-13 | Mastercard International Incorporated | Systems and methods for cross-border ATM fraud detection |
US11636485B2 (en) | 2018-04-06 | 2023-04-25 | Fair Isaac Corporation | Efficient parallelized computation of global behavior profiles in real-time transaction scoring systems |
US12099940B1 (en) | 2021-09-07 | 2024-09-24 | Experian Information Solutions, Inc. | Behavior analysis using distributed representations of event data |
Also Published As
Publication number | Publication date |
---|---|
US20120101937A1 (en) | 2012-04-26 |
US20100228580A1 (en) | 2010-09-09 |
US8090648B2 (en) | 2012-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9773227B2 (en) | Fraud detection based on efficient frequent-behavior sorted lists | |
Estévez et al. | Subscription fraud prevention in telecommunications using fuzzy rules and neural networks | |
US20180075454A1 (en) | Fraud detection engine and method of using the same | |
US8285639B2 (en) | Location based authentication system | |
US8805737B1 (en) | Computer-implemented multiple entity dynamic summarization systems and methods | |
AU2010246077B2 (en) | Frequency-based transaction prediction and processing | |
AU2012230299B2 (en) | An automated fraud detection method and system | |
US8458069B2 (en) | Systems and methods for adaptive identification of sources of fraud | |
US20140129420A1 (en) | Telecom social network analysis driven fraud prediction and credit scoring | |
US20110208630A1 (en) | Methods and systems for detection of financial crime | |
US20110087495A1 (en) | Suspicious entity investigation and related monitoring in a business enterprise environment | |
US20140279379A1 (en) | First party fraud detection system | |
US7841002B2 (en) | Method for detecting a behavior of interest in telecommunication networks | |
US20050027667A1 (en) | Method and system for determining whether a situation meets predetermined criteria upon occurrence of an event | |
US20170109837A1 (en) | Know your customer alert systems and methods | |
Kraiwanit et al. | Evaluation of internet transaction fraud in Thailand | |
Kau et al. | Impact of subscription fraud in mobile telecommunication companies | |
Ritika | Fraud detection and management for telecommunication systems using artificial intelligence (AI) | |
Venkataram et al. | A method of fraud & intrusion detection for e-payment systems in mobile e-commerce | |
AU2013267037B2 (en) | Frequency-based transaction prediction and processing | |
Baboo et al. | Analysis of spending pattern on credit card fraud detection | |
Estévez Valencia et al. | Subscription fraud prevention in telecommunications using fuzzy rules and neural networks | |
Prabavathy et al. | HMM Based Fault Tolerance in Credit Card Security | |
Lokapur | SDM COLLEGE OF ENGINEERING AND TECHNOLOGY |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FAIR ISAAC CORPORATION, MINNESOTA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZOLDI, SCOTT M.;LI, HUA;XUE, XINWEI;REEL/FRAME:027460/0871 Effective date: 20090304 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |